Criminals hijack social media sites with ‘friend in distress’ scams

23 Aug 2011

A disturbing new trend has emerged whereby social media savvy cyber criminals are targeting the friend-lists of holiday makers who have gloated about their break or posted pictures, seeking to use their knowledge of the holiday to create fake emergencies in order to scam money from these friends.

Knowledge of the holiday destination is enabling criminals to hack into the friends’ accounts and send messages pretending to be the friend and claiming they’ve just been robbed.

“Say someone posted on his Facebook profile that they’re looking forward to their holiday in Lanzarote,” explained Urban Schrott, ESET Ireland’s cybercrime analyst.

“Well, cybercriminals often check for such info on visible Facebook accounts and then they can easily fake an email seemingly from them and target some of their friends saying something like ‘I was mugged in Lanzarote, please send me €500 to sort things out and get home,’ with a request to transfer funds through untraceable Western Union.”

Friends in need …

Schrott continued: “Scams like this appear credible, and are occurring all the time. With the location of the holiday made known, many people fall for it and send ‘friend in distress’ money, then are shocked to find the friend was never mugged and knows nothing about it.”

ESET Ireland asked Irish computer users how much info they reveal on social media. One third of Irish adult internet users never post their travel plans on a social media website.

“Just under one in 10 always post, while another one in 10 only allow certain friends to see the information. If we say the worst security offenders are those that tell all, well, there’s only about 9pc of those. But add to that another 13pc that sometimes post, and 8pc that only tell some friends, then nearly a third does reveal some info, therefore putting themselves and their friends at risk,” Schrott said.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years